The vulnerability requires that an attacker have valid logon credentials or, to put it in a more concrete way, that a logged-on user run the attack code. The attack code creates a special registry key. When the scanner encounters this key the privileges of the attack program are elevated to those of the LocalSystem user.

LocalSystem is a predefined local account used by the service control manager. It acts for the computer on the network and has substantial privileges.

The advisory is unclear as to when the update which fixes the vulnerability was issued, but it does say that users normally configure all affected products to update themselves automatically, and that this typically will install the update within 48 hours of release. So it's a fair bet that the update was released about 48 hours ago.

The affected products are:

Windows Live OneCare

Microsoft Security Essentials

Microsoft Windows Defender

Microsoft Forefront Client Security

Microsoft Forefront Endpoint Protection 2010

Microsoft Malicious Software Removal Tool

There are a number of reasons not to be especially worried about this. Microsoft says that the vulnerability was privately reported and that they have no evidence that it was being exploited before it was fixed. The fixes apply automatically, so if you should be protected by now unless you shut off updates to your anti-virus product, which everyone knows is a bad idea. Finally, the attack requires that the key be created in the context of a logged-on user. This isn't crazy difficult, but it's harder that anonymously and remotely attacking a user.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service

//Stay Connected

Get Product Reviews, Deals, & the Latest News from PCMag

sign up

Plus, get a free copy of PCMag for your iPhone or iPad today.

Offer valid for new PCMag app downloads only. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy.

THANK YOU FOR SUBSCRIBING!

Please follow this link (or search for the PC Magazine app on your iPad or iPhone) to get your free issue. Offer valid for new app downloads.

//Featured Programs

//our current issue

Select Term:

24 issues for $29.99 ONLY $1.25 an issue! Lock in Your Savings!

12 issues for $19.99ONLY $1.67 an issue!

State

Country

This transaction is secure

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service